Académique Documents
Professionnel Documents
Culture Documents
Copyright
Copyright 2005, Barracuda Networks www.barracudanetworks.com v3.2.22 All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice.
Trademarks
Barracuda Spam Firewall is a trademark of Barracuda Networks. All other brand and product names mentioned in this document are registered trademarks or trademarks of their respective holders.
Contents
Chapter 1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Energize Updates Minimize Administration and Maximize Protection . . . . 10 Understanding Spam Scoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Inbound and Outbound Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Technical Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Warranty Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Barracuda Spam Firewall Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Locating Information in this Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 BASIC Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 BLOCK/ACCEPT Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 USERS Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 DOMAINS Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 ADVANCED Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Chapter 2 Setting Up the Barracuda Spam Firewall . . . . . . . . . . . 17
Step 1. Verify you Have the Necessary Equipment . . . . . . . . . . . . . . . . . . . . . . 17 Step 2. Install the Barracuda Spam Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Step 3. Configure the System IP Address and Network Settings. . . . . . . . . . . . 18 Step 4. Configure your Corporate Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Step 5. Configure the Barracuda Spam Firewall . . . . . . . . . . . . . . . . . . . . . . . . 19 Step 6. Update the System Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Step 7. Verify your Subscription Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Step 8. Route Incoming Email to the Barracuda Spam Firewall . . . . . . . . . . . . 23 Port Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 MX Records. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Step 9. Tune the Default Spam Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Installation Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Barracuda Spam Firewall Behind Corporate Firewall . . . . . . . . . . . . . . . . . 25 Barracuda Spam Firewall in the DMZ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Configuring your System for Outbound Mode . . . . . . . . . . . . . . . . . . . . . . . . . 27 Outbound Mode Configuration Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Changing to Outbound Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Setting up your Email Server as a Smart/Relay Host . . . . . . . . . . . . . . . . . . 27
Contents 3
Chapter 3
Basic Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Monitoring System Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Using the Status page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Understanding the Indicator Lights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Monitoring the Message Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Classifying Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Overview of the Message Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Changing the Viewing Preferences of the Message Log . . . . . . . . . . . . . . . . 34 Viewing Message Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Clearing the Message Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Configuring the Global Spam Scoring Limits . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Specifying the Subject Text and Priority of Tagged Messages . . . . . . . . . . . . . 36 Enabling and Disabling Virus Checking and Notification . . . . . . . . . . . . . . . . . 37 Setting Up Quarantine Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Specifying the Quarantine Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Specifying the Global Quarantine Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Specifying the Per-User Quarantine Settings. . . . . . . . . . . . . . . . . . . . . . . . . 39 Configuring System IP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Controlling Access to the Administration Interface . . . . . . . . . . . . . . . . . . . . . . 41 Changing the Password of the Administration Account . . . . . . . . . . . . . . . . 41 Limiting Access to the Administration Interface and API. . . . . . . . . . . . . . . 41 Changing the Web Interface Port and Session Expiration Length. . . . . . . . . 42 Shutting Down the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Resetting the System Using the Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . 42 Automating the Delivery of System Alerts and Notifications . . . . . . . . . . . . . . 43 Changing the Operation Mode of the System. . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Enabling Users to Classify Messages from a Mail Client . . . . . . . . . . . . . . . . . 44 Using the Microsoft Outlook and Lotus Notes Plug-in . . . . . . . . . . . . . . . . . 45 Managing the Bayesian Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Resetting the Bayes Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Sending Spam Messages to Barracuda Networks . . . . . . . . . . . . . . . . . . . . . 46 Synchronizing the Bayesian Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Enabling Intent Analysis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Reducing Backscatter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Changing the Language of the Administration Interface . . . . . . . . . . . . . . . . . . 48 Chapter 4 Using the Block and Accept Filters . . . . . . . . . . . . . . . . 49
Subscribing to Blacklist Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Blacklist Services Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 What Happens if your Domain or IP Address is on a Blacklist. . . . . . . . . . . 51 IP Address Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Sender Domain Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Sender Email Address Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Recipient Email Address Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Attachment Type Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Subject Line Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Body Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Header Filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Chapter 5 Managing Accounts and Domains. . . . . . . . . . . . . . . . . 57
How the Barracuda Spam Firewall Creates New Accounts. . . . . . . . . . . . . . . . 57 Viewing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Using Filters to Locate Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Editing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Removing Invalid User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Assigning Features to User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Overriding the Quarantine Settings for Specific User Accounts . . . . . . . . . . . . 61 Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Overriding Quarantine Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Backing Up and Restoring User Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Setting Retention Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Adding New Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Editing Domain Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Using LDAP to Authenticate Message Recipients. . . . . . . . . . . . . . . . . . . . . . . 65 Using LDAP for User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Impact of a Down LDAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Common LDAP Settings for Standard Mail Servers. . . . . . . . . . . . . . . . . . . 67 Chapter 6 Advanced Administration. . . . . . . . . . . . . . . . . . . . . . . . 69
Modifying the Email Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Configuring Message Rate Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Activating Individual Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Backing Up and Restoring System Configuration . . . . . . . . . . . . . . . . . . . . . . . 73 Performing Desktop Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Automating Backups (inbound mode only). . . . . . . . . . . . . . . . . . . . . . . . . . 73 Restoring from a Backup File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Updating Spam and Virus Definitions Using Energize Updates . . . . . . . . . . . . 75 Spam Definition Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Virus Definition Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Updating the System Firmware Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Customizing the Appearance of the Administration Interface . . . . . . . . . . . . . . 76 Using a Syslog Server to Centrally Manage System Logs. . . . . . . . . . . . . . . . . 77 Setting up Trusted Relays and SASL/SMTP Authentication. . . . . . . . . . . . . . . 78 Customizing the Outbound Footer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Configuring the Network Interfaces on Models 600 and Above . . . . . . . . . . . . 79 Setting Up Clustered and Standby Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Cluster Set up Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Contents 5
Data Propagated to the Clustered Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Field Descriptions for the Clustering Page . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Impact of Changing the IP Address of a Clustered System . . . . . . . . . . . . . . 82 Implementing Single Sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Enabling SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 Detecting Spam in Chinese and Japanese Messages . . . . . . . . . . . . . . . . . . . . . 86 Customizing Non-Delivery Reports (NDRs) . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Generating System Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Displaying and Emailing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Automating the Delivery of Daily System Reports . . . . . . . . . . . . . . . . . . . . 89 Specifying Report Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Example Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Enabling SMTP over TLS/SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 Using the Task Manager to Monitor System Tasks . . . . . . . . . . . . . . . . . . . . . . 91 Replacing a Failed System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 Rebooting the System in Recovery Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Tasks to Perform Before Rebooting in Recovery Mode . . . . . . . . . . . . . . . . 92 Performing a System Recovery or Hardware Test. . . . . . . . . . . . . . . . . . . . . 92 Reboot Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 Chapter 7 Outbound Mode Features . . . . . . . . . . . . . . . . . . . . . . . . 95
Tabs and Pages Supporting Outbound Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 About Outbound Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Viewing Outbound Messages in the Message Log. . . . . . . . . . . . . . . . . . . . . . . 96 Changing the Footers on Outbound Messages . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Specifying Allowed Senders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Specifying Allowed Senders by Domain and IP Address . . . . . . . . . . . . . . . 97 Specifying Allowed Senders Using SMTP Authentication . . . . . . . . . . . . . . 98 Additional Email Protocol Settings for Outbound Mode . . . . . . . . . . . . . . . . . . 98 Enabling Intent Analysis and Spam Scoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Managing the Quarantine Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Sending NDRs for Quarantined Messages. . . . . . . . . . . . . . . . . . . . . . . . . . 100 Viewing and Classifying Quarantined Messages. . . . . . . . . . . . . . . . . . . . . 100 Using Filters to Locate Specific Messages . . . . . . . . . . . . . . . . . . . . . . . . . 100 Configuring Message Rate Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Adding a Relay Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Chapter 8 Managing your Quarantine Inbox . . . . . . . . . . . . . . . . . 103
Receiving Messages from the Barracuda Spam Firewall . . . . . . . . . . . . . . . . . 103 Greeting Message. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Quarantine Summary Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Using the Quarantine Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Logging into the Quarantine Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Managing your Quarantine Inbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 Changing your User Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Changing your Account Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Changing Your Quarantine Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Enabling and Disabling Spam Scanning of your Email . . . . . . . . . . . . . . . 107 Adding Email Addresses and Domains to Your Whitelist and Blacklist . . 108 Changing the Language of the Quarantine Interface. . . . . . . . . . . . . . . . . . 108 Appendix A About Regular Expressions . . . . . . . . . . . . . . . . . . . 109
Contents 7
Chapter 1
Introduction
This chapter provides an overview of the Barracuda Spam Firewall and includes the following topics:
Overview (on this page). Locating Information in this Document (page 12). Warranty Policy (page 12). Barracuda Spam Firewall Models (page 13). Locating Information in this Document (page 14).
Overview
The Barracuda Spam Firewall is an integrated hardware and software solution that provides powerful and scalable spam and virus-blocking capabilities that do not bog down your email servers. The system has no per-user license fee and can scale to support tens of thousands of active email users. Using the Web-based administration interface, you can configure up to ten defense layers that protect your users from spam and viruses. The ten defense layers are:
Denial of service and security protection IP block list Rate control Virus check with archive decompression Proprietary virus check User-specified rules Spam fingerprint check Intention analysis Bayesian analysis Rule-based spam scoring
Chapter 1
Introduction 9
Overview
Access to known offending IP addresses Known spam messages instantly blocked Known spam content blocked Virus definitions constantly updated
Overview
The following figure shows how Barracuda Central provides the latest spam and virus definitions through the Energize Update feature.
A messages header and subject line for offending characters or words The percentage of HTML in the message Whether a message contains an 'unsubscribe' link
These properties (along with many others) help the Barracuda Spam Firewall determine a messages spam score, which is displayed on the Message Log page of the administration interface. The Energize Update feature keeps the spam rules and scores up-to-date so the Barracuda Spam Firewall can quickly counteract the latest techniques used by spammers.
Chapter 1 Introduction 11
Technical Support
Inbound Mode (default) scans all incoming messages for viruses and spam probability. This mode ensures all email delivered to your users is virus-free and legitimate. Outbound Mode scans all outgoing messages (from your users) for viruses and spam probability. This mode ensures all email leaving your network is virus-free and legitimate.
Your Barracuda Spam Firewall can only operate in one of these two modes. By default, all Barracuda Spam Firewalls are configured for inbound mode when shipped. For information on how to configure your Barracuda Spam Firewall for outbound mode, refer to Configuring your System for Outbound Mode on page 27. For information about the specific features relating to outbound mode, refer to Chapter 7: Outbound Mode Features.
Technical Support
To contact Barracuda Networks technical support:
By phone, call (408) 342-5400, (888) Anti-Spam, or (888) 268-4772 By email, use support@barracudanetworks.com User forum: http://forum.barracudanetworks.com
Warranty Policy
The Barracuda Spam Firewall has a 90 day warranty against manufacturing defects.
Chapter 1 Introduction 13
BASIC Tab
The following table lists the topics associated with each page on the BASIC tab.
Admin Interface Page Status Message Log Spam Scoring (inbound mode only) Refer to... Monitoring System Status on page 29 Monitoring the Message Log on page 32 Configuring the Global Spam Scoring Limits on page 36 Specifying the Subject Text and Priority of Tagged Messages on page 36 Enabling and Disabling Virus Checking and Notification on page 37 Setting Up Quarantine Policies on page 37 Configuring System IP Information on page 40 Controlling Access to the Administration Interface on page 41 Shutting Down the System on page 42 Automating the Delivery of System Alerts and Notifications on page 43 Changing the Operation Mode of the System on page 43 Bayesian/Intent (inbound mode only) Enabling Users to Classify Messages from a Mail Client on page 44 Managing the Bayesian Database on page 46 Enabling Intent Analysis on page 47
BLOCK/ACCEPT Tab
The following table lists the topics associated with each page on the BLOCK/ACCEPT tab.
Admin Interface Page External Blacklists (inbound mode only) IP Block/Accept Sender Domain Block/Accept Email Sender Block/Accept Email Recipient Block/Accept Attachment Filtering Subject Filtering Body Filtering Header Filtering Refer to... Subscribing to Blacklist Services on page 49 IP Address Filters on page 51 Sender Domain Filters on page 52 Sender Email Address Filter on page 52 Recipient Email Address Filter on page 53 Attachment Type Filter on page 53 Subject Line Filter on page 54 Body Filter on page 55 Header Filter on page 55
USERS Tab
The following table lists the topics associated with each page on the USERS tab. This tab is not available
in outbound mode or in models 200, 300 and 400). Admin Interface Page Account View Refer to... Viewing User Accounts on page 58 Editing User Accounts on page 59 Removing Invalid User Accounts on page 60 User Features User Add/Update User Backup/Restore Retention Policies Assigning Features to User Accounts on page 60 Overriding the Quarantine Settings for Specific User Accounts on page 61 Backing Up and Restoring User Settings on page 62 Setting Retention Policies on page 63
DOMAINS Tab
The following table lists the topics associated with each page on the DOMAINS tab. This tab is not available in models 200 and 300.
Admin Interface Page Domain Manager Refer to... Adding New Domains on page 63 Editing Domain Settings on page 64 Using LDAP to Authenticate Message Recipients on page 65
ADVANCED Tab
The following table lists the topics associated with each page on the ADVANCED tab.
Admin Interface Page Email Protocol Rate Controls Explicit Users (inbound mode only) Backup Energize Updates Firmware Update Appearance (inbound mode only) Syslog Outbound / Relay (inbound mode only) Outbound Footer Refer to... Modifying the Email Protocol Settings on page 70 Configuring Message Rate Control on page 72 Activating Individual Accounts on page 72. Backing Up and Restoring System Configuration on page 73 Updating Spam and Virus Definitions Using Energize Updates on page 75 Updating the System Firmware Version on page 76 Customizing the Appearance of the Administration Interface on page 76 (not supported in models 200/300/400) Using a Syslog Server to Centrally Manage System Logs on page 77 (not supported in model 200) Setting up Trusted Relays and SASL/SMTP Authentication on page 78 Customizing the Outbound Footer on page 79
Chapter 1 Introduction 15
Admin Interface Page Advanced IP Configuration (inbound mode only) Clustering Single Sign-on (inbound mode only) SSL Regional Settings Bounce/NDR Messages Troubleshooting Reporting SMTP / TLS Task Manager
Refer to... Configuring the Network Interfaces on Models 600 and Above on page 79 Setting Up Clustered and Standby Systems on page 79 (not supported in model 200/300) Implementing Single Sign-on on page 83 (not supported in model 200/300) Enabling SSL on page 84 Detecting Spam in Chinese and Japanese Messages on page 86 Customizing Non-Delivery Reports (NDRs) on page 86 Troubleshooting on page 88 Generating System Reports on page 89 Enabling SMTP over TLS/SSL on page 91 Using the Task Manager to Monitor System Tasks on page 91
Chapter 2
The end of this chapter also provides example installation scenarios you can use as a reference to help integrate the Barracuda Spam Firewall into your network environment. Note: If you will be using your Barracuda Spam Firewall to scan outgoing messages instead of incoming messages, refer to Configuring your System for Outbound Mode on page 27 before you start installing the system.
Barracuda Spam Firewall (check that you have received the correct model) AC power cord Ethernet cables Mounting rails (models 600, 800, and 900 only) VGA monitor (recommended) PS2 keyboard (recommended)
Warning: Do not block the cooling vents located on the front and rear of the unit.
2. Connect a CAT5 Ethernet cable from your network switch to the Ethernet port on the back of your
Barracuda Spam Firewall. The Barracuda Spam Firewall supports both 10BaseT and 100BaseT Ethernet. We recommend using a 100BaseT connection for best performance. Note: The Barracuda Spam Firewall 600 and 800 support Gigabit Ethernet and has two usable LAN ports. On these models, plug the Ethernet cable into the LAN 2 port. Do not connect any other cables to the other connectors on the unit. These connectors are for diagnostic purposes.
3. Connect the following to your Barracuda Spam Firewall:
Power cord VGA monitor PS2 keyboard Result: After you connect the AC power cord the Barracuda Spam Firewall may power on for a few seconds and then power off. This is standard behavior.
4. Press the Power button located on the front of the unit
Result: The login prompt for the administrative console is displayed on the monitor, and the light on the front of the system turns on. For a description of each indicator light, refer to Understanding the Indicator Lights on page 31.
Connecting directly to the Barracuda Spam Firewall and specifying a new IP address through the console interface, or Pushing and holding the RESET button on the front panel. Holding the RESET button for 8 seconds changes the default IP address to 192.168.1.200. Holding the button for 12 seconds changes the IP address to 10.1.1.200.
Result: The User Confirmation Requested window displays the current IP configuration of the system.
2. Using your Tab key, select Yes to change the IP configuration.
3. Enter the new IP address, netmask and default gateway for your Barracuda Spam Firewall, and
Result: The new IP address and network settings are applied to the Barracuda Spam Firewall.
Port 22 25 53 80 123
Used for... Remote diagnostics and technical support services (optional) Email and email bounces Domain Name Server (DNS) Virus, firmware and spam rule updates NTP (Network Time Protocol)
2. If appropriate, change the NAT routing of your corporate firewall to route incoming email to the
Barracuda Spam Firewall. Consult your firewall documentation or your corporate firewall administrator to make the necessary changes.
Example: http://192.168.200.200:8000
2. Log in to the administration interface by entering admin for the username and admin for the
password.
Chapter 2
Note: One Barracuda Spam Firewall can support multiple domains and mail servers. If you have multiple mail servers, go to the DOMAINS tab and enter the mail server associated with each domain.
If you changed the IP address of your Barracuda Spam Firewall, you are disconnected from the administration interface and will need to log in again using the new IP address.
5. Go to the BASIC-->Administration page and do the following: a. Assign a new administration password to the Barracuda Spam Firewall (optional). b. Make sure the local time zone is set correctly.
Time on the Barracuda Spam Firewall is automatically updated via NTP (Network Time Protocol) and therefore requires port 123 to be open for inbound and outbound UDP traffic on your firewall (if the Barracuda Spam Firewall is located behind one). It is important that the time zone be set correctly because this information is used to determine the delivery times for messages and may appear in certain mail reading programs.
c. Click Save Changes.
Updating the firmware may take several minutes. Do not turn off the unit during this process. The Download Now button will be disabled if the system already has the latest firmware version. Result: The system begins downloading the latest firmware version. A message displays once the download is complete.
3. Click Apply Now when the download completes. 4. Click OK when prompted to reboot the system. 5. Read the release notes to learn about the latest features and fixes provided in the updated firmware
version. You can access the release notes from the ADMIN-->Firmware Update page.
Updates and Replacement Service (if purchased). The following graphic shows the location of the Subscription Status section.
Chapter 2
page.
Click to activate your subscription
b. On the product activation page, fill in the required fields and click Activate. A confirmation
page. The status of your subscriptions should now be displayed as Current. Note: If your subscription status does not change to Current, or if you have trouble filling out the product activation page, call Barracuda Networks at 888-ANTISPAM and ask for a sales or support representative.
Port forwarding (used when your Barracuda Spam Firewall is behind a corporate firewall) MX records (used when your Barracuda Spam Firewall in the DMZ)
Note: Do not try to route outgoing email through the Barracuda Spam Firewall unless you have configured the Relay operation or are using the Barracuda Spam Firewall in outbound mode. After you route incoming email to the Barracuda Spam Firewall, it will start filtering all emails it receives and route the good email to your email server.
Port Forwarding
When your Barracuda Spam Firewall is behind a corporate firewall, you need to do a port redirection (also called port forwarding) of incoming SMTP traffic (port 25) to the Barracuda Spam Firewall. For more information about port forwarding, refer to your firewall documentation or administrator.
MX Records
If your Barracuda Spam Firewall is in the DMZ (not protected by your corporate firewall), do the following to route incoming messages to the system:
1. Create a DNS entry for your Barracuda Spam Firewall.
The following example shows a DNS entry for a Barracuda Spam Firewall with a name of barracuda and an IP address of 66.233.233.88: barracuda.yournetwork.com IN A 66.233.233.88
2. Change your DNS MX Records.
The following example shows the associated MX record with a priority number of 10: IN MX 10barracuda.yournetwork.com
Chapter 2
Installation Examples
Installation Examples
This section provides example installation scenarios you can reference to help determine the best way to integrate the Barracuda Spam Firewall into your network environment.
Forward (port redirection) incoming SMTP traffic on port 25 to the Barracuda Spam Firewall at 10.10.10.3. Configure the Barracuda Spam Firewall to forward filtered messages to the destination mail server at 10.10.10.2.
Chapter 2
Installation Examples
Assign an available external IP address to the Barracuda Spam Firewall. Change the MX (Mail Exchange) records on the DNS (Domain Name Server) to direct traffic towards the Barracuda Spam Firewall. Create an A record and MX record on your DNS for the Barracuda. The following example shows a DNS entry for a Barracuda Spam Firewall with a name of barracuda and an IP address of 64.5.5.5.
barracuda.yourdomain.com IN A 64.5.5.5
The following example shows the associated MX record with a priority number of 10:
IN MX 10 barracuda.yournetwork.com
Inbound Mode (default) scans all incoming messages for viruses and spam probability. Outbound Mode scans all outgoing messages (from your users) for viruses and spam probability. This mode ensures all email leaving your network is virus-free and legitimate.
page 27).
3. Set up your email server as a smart/relay host.
All your message log data and quarantine messages are deleted. System configuration remains in tact. However, you should verify that the configuration options are appropriate for outbound mode.
If you are changing the mode on a brand new system you do not have to worry about these considerations. However, if your Barracuda Spam Firewall has been operating for a while in inbound mode, you need to consider the impact of changing modes. To change from inbound to outbound mode:
1. Go to the BASIC-->Administration page. 2. In the Operation Mode section, click Convert. 3. Click OK to confirm you want to change your Barracuda Spam Firewall to outbound mode.
Result: A status bar displays the progress of switching your Barracuda Spam Firewall to outbound mode. Once the switchover completes, your Barracuda Spam Firewall automatically reboots.
Chapter 2
The following Web sites provide instructions on how to set up specific email servers as a smart/relay host. For additional information, consult your email server administrator and documentation.
Email Server Microsoft Exchange Server 2003 Novell Groupwise Server Lotus Domino Server Refer to... http://support.microsoft.com/kb/265293 http://www.novell.com/documentation/gw55/index.html?page=/ documentation/gw55/gw55ia/data/a2zi22h.html http://www-12.lotus.com/ldd/doc/domino_notes/Rnext/help6_admin.nsf/ f4b82fbb75e942a6852566ac0037f284/ 14cdfeaa188fa90a85256c1d003955af?OpenDocument
Chapter 3
Basic Administration
This chapter covers basic administration tasks, most of which can be performed from the BASIC tab.
Monitoring System Status Understanding the Indicator Lights Monitoring the Message Log Configuring the Global Spam Scoring Limits Specifying the Subject Text and Priority of Tagged Messages Enabling and Disabling Virus Checking and Notification Setting Up Quarantine Policies Configuring System IP Information Controlling Access to the Administration Interface Shutting Down the System Automating the Delivery of System Alerts and Notifications Changing the Operation Mode of the System Enabling Users to Classify Messages from a Mail Client Managing the Bayesian Database Enabling Intent Analysis Reducing Backscatter Changing the Language of the Administration Interface page 29 page 31 page 32 page 36 page 36 page 37 page 37 page 40 page 41 page 42 page 43 page 43 page 44 page 46 page 47 page 47 page 48
BASIC-->status page in the administration interface Indicator lights on the front of the system
Email statistics that display how many messages the system has blocked and quarantined Performance statistics
Email Statistics The following table describes the email statistics displayed on the Status page.
Statistic Blocked Blocked: Virus Quarantined Description Number of virus and spam messages blocked by the system. Number of virus messages blocked by the system. Number of messages quarantined by the system. This includes messages sent to the global quarantine address and the number of messages quarantined by users. By default, the system does not quarantine messages. To turn on the quarantine feature, refer to Setting Up Quarantine Policies on page 37. Number of messages tagged by the system. Tagged messages have their subject line modified based on the settings on the Spam Scoring page (described on page 36). Number of messages delivered to the intended recipient without being blocked or modified. Email statistics for the system since installation or the last reset. Email statistics for the current calendar day (from midnight to midnight). Email statistics beginning at the top of the current hour. For example, if it is currently 10:45am, the statistics are for the time period from 10:00am to 10:45am.
Allowed: Tagged
Performance Statistics The following table describes the system environmental conditions displayed on the Status page. Note: Statistics displayed in red signify that the value exceeds the normal threshold.
Statistic In/Out Queue Size Description Displayed as a ratio, such as 10/5. The first number represents the amount of inbound mail, which includes accepted messages waiting for virus and spam scanning. The second number represents the amount of outbound mail in the queue. Click on the inbound or outbound number to see a summary of the messages currently in the queue. Average Latency Last Message Unique Recipients System Load Average elapsed time it takes the system to tag, quarantine, or deliver a message. How long ago the last message was delivered. Number of unique recipients receiving email during the last 24 hours. This number does not include recipients that were rejected. Estimate of the CPU and disk load on the system. 100% system load is not unusual, especially when the incoming queue is large. However, 100% load for long periods of time could indicate an internal system issue, especially if the incoming queue continues to grow. Redundancy Status of the RAID system.
Note: The redundancy statistics do not appear for the 200 and 300 models.
Firmware Storage Mail/Log Storage Amount of disk storage used for various system components. Amount of disk storage used for messages and log store.
The firmware and mail/log storage shows the percent of space used on each partition. The Barracuda Spam Firewall emails a system alert when utilization approaches 90% on either of these partitions. Contact Barracuda Networks technical support if a partition reaches this threshold. Subscription Status This section identifies if the following subscriptions are current or expired:
If one of these subscriptions has expired, contact your Barracuda Networks sales representative to reactivate your subscription. Hourly and Daily Mail Statistics Shows the number of messages blocked, quarantined, and allowed for the last 25 days and 24 hours.
3
Legend
1. Slider bar lets you select the time frame of the message log. 2. Preferences button lets you customize the message log display. 3. Classification buttons let you mark messages as spam and not spam and add senders to the global
whitelist.
4. List of all messages for the specified time frame. Click an entry to view the message details.
Classifying Messages
Classifying messages is one of the easiest ways to set up rules that determine how the Barracuda Spam Firewall handles incoming messages. The following table describes the buttons to use when classifying messages on the Message Log page.
Button Spam Description Classifies the message as spam in the Bayesian database. The Bayesian database becomes active once 200 spam messages and 200 not spam messages have been classified. At that time, the Barracuda Spam Firewall begins scanning messages to determine how closely they match the messages identified as spam. This comparison determines a messages spam score. If per-user quarantine is enabled, message classification performed by each individual user is also applied to the Bayesian database. To view the number of messages currently classified as Spam, go to the BASIC--> Bayesian/Intent page.
Note: Note: Messages marked as Spam are sent to Barracuda Networks for analysis unless the Submit Email to Barracuda Networks field is set to No on the BASIC-->Bayesian/Intent page covered on page 46.
Not Spam Classifies the message as Not Spam in the Bayesian database. The Bayesian database becomes active once 200 spam messages and 200 not spam messages have been classified. At that time, the Barracuda Spam Firewall begins scanning messages to determine how closely they match the messages identified as not spam. This comparison determines a messages spam score. If per-user quarantine is enabled, message classification performed by each individual user is also applied to the Bayesian database. To view the number of messages currently classified as Not Spam, go to the BASIC-->Bayesian/Intent page. Whitelist Adds the sender of the message to the global whitelist. Messages from whitelisted senders do not receive a spam score. Messages from whitelisted senders still go through: Virus checking Attachment type filtering (covered on page 53) Blocking filters for header, body and subject content (covered Chapter 4: Using the Block and Accept Filters) Un-Whitelist Clear Message Log Removes the sender of the message from the global whitelist. Clears all the logs that are currently displayed. This does not clear the Bayesian database that contains the rules you have set up for incoming messages.
Hide columns you do not want displayed. Change the order of the columns so more important columns appear first. Increase or decrease the width of the columns. Show messages from the local Barracuda Spam Firewall only (clustered environments). The default behavior is for the message log to display messages from all the Barracuda Spam Firewalls in your clustered environment. If Only view local messages is set to Yes, then the message log will not show messages received by other Barracuda Spam Firewalls in the cluster. Showing only local messages allows the administrator to only view the messages that they can classify, as opposed to messages from other systems in the cluster that the administrator cannot classify because the administrator is not logged into those other systems.
View Message tab to view the contents of the message View Source tab to view the contents including email headers. Deliver link to send the message to the intended recipient.
Viewing the message body can help you identify words or characters that you may want to include in body filtering. For example, if you notice a series of messages that advertise as seen on TV in the body, you can add as seen on as keywords that will either block, quarantine or tag messages containing those words. For more information on body filtering, refer to Body Filter on page 55. If you do not want the body of the email displayed for privacy reasons, you can select to hide the body content using the Message Log Privacy setting on the BASIC-->Administration page.
The messages spam score is over the tag threshold (but below the quarantine threshold). The block/accept filters identify a message that should be tagged. For information on setting up the block/accept filters to tag messages, refer to Chapter 4: Using the Block and Accept Filters.
If Set Low Priority is set to Yes, any messages that are tagged or quarantined are marked as low priority. By default, the Barracuda Spam Firewall sends a notification to senders when their emails are tagged as spam and not delivered to the recipient. To turn off automatic notification, set Send Bounce to No. Note: You can create rules in many mail clients to place tagged messages in a separate mail folder. For example, when your users receive spam messages with a subject tag of [BULK], you can configure their mail clients to deliver these messages to a folder called Possible Spam.
Note: On the Barracuda Spam Firewall 400 or above you can enable and disable virus checking on a per-domain basis from the DOMAINS tab. For more information, refer to Editing Domain Settings on page 64.
Notify Sender of Virus Interception: Determines whether the Barracuda Spam Firewall notifies the sender that their email has been blocked because it contained a virus. You should keep this option set to No to prevent the Barracuda Spam Firewall from sending mass email notification traffic in the event of a widespread virus outbreak.
information, refer to Configuring the Global Spam Scoring Limits on page 36.
2. Go to the BASIC-->Quarantine page. 3. Select the quarantine type, as described on page 38. 4. Do one of the following:
For global quarantine type, enter the global quarantine delivery address, as described on page 38. For per-user quarantine type, configure the per-user quarantine settings, as described on page 39.
5. Click Save Changes.
Note: If you have the Barracuda Spam Firewall 400 or above you can specify the quarantine delivery address on a per-domain basis by going to the DOMAINS tab and clicking the Edit Domains link.
Quarantine Subject Text Enter the text you want placed at the beginning of the subject line of a quarantined message. The default text is [SPAM]. This allows you to identify quarantined messages when you have them delivered to a mailbox that also receives non-quarantine messages.
Note: If your Barracuda Spam Firewall is running firmware version 3.1.x or earlier and is part of a clustered environment, then changing the IP address of the system removes it from the cluster. You will need to add the system back into the cluster after you change the IP address. If your Barracuda Spam Firewall is running firmware version 3.2.x or above, the system remains part of its cluster after its IP address changes.
Destination Mail Server TCP/IP Configuration (inbound mode only) Server Name/IP: The hostname or IP address of your destination email server, for example mail.yourdomain.com. This is the mail server that receives email after it has been checked for spam and viruses. You should specify your mail servers hostname rather than its IP address so the destination mail server can be moved and DNS updated at any time without any changes to the Barracuda Spam Firewall. TCP port is the port on which the destination mail server receives inbound email. This is usually port 25. Valid Test Email Address: To test that the Barracuda Spam Firewall can successfully send email messages, enter an address in this field and click Test SMTP Connection. The system sends a message to the email address you specify. The From address in this email is smtptest@barracudanetworks.com. DNS Configuration The primary and secondary DNS servers you use on your network. You should specify a primary and secondary DNS Server. Certain features of the Barracuda Spam Firewall, such as Fake Sender Domain detection, rely on DNS availability. Proxy Server Configuration (optional) (inbound mode only) If your Barracuda Spam Firewall is behind a proxy server, then you may need to enter one or more of the following parameters so the system can download Firmware and Energize Updates. Incorrect proxy settings can cause your updates to fail. Server Name/IP - The IP address or hostname of the proxy server. TCP Port - The port (usually 8080) used for proxy client authentication. Username - The proxy username (if any) assigned to your Barracuda Spam Firewall. Password - The proxy password (if any) assigned to your Barracuda Spam Firewall.
Description Default Hostname is the hostname to be used in the reply address for email messages (non-delivery receipts, virus alert notifications, etc.) sent from the Barracuda Spam Firewall. The hostname is appended to the default domain. Default Domain is the domain name used in the reply address for email messages (non-delivery receipts, virus alert notifications, etc.) sent from the Barracuda Spam Firewall.
Lists the domains managed by the Barracuda Spam Firewall. Make sure this list is complete. The Barracuda Spam Firewall rejects messages for domains that are not listed here. To allow messages for all domains that match your mail server, put an asterisk (*) in this field.
Note: One Barracuda Spam Firewall can support multiple domains and mail servers. If you have multiple mail servers, go to the DOMAINS tab and click the Edit Domains link to set up a different mail server for each domain.
Changing the Password of the Administration Account on this page. Limiting Access to the Administration Interface and API on this page. Changing the Web Interface Port and Session Expiration Length on page 42.
Additional information:
To add an individual IP address (instead of an entire network), use a netmask of 255.255.255.255. If you do not specify any IP addresses or networks, all systems are granted access.
Reboots the system Resets the firmware version to the factory setting
Do not push and hold the RESET button for longer than a few seconds as this changes the IP address of the system. Pushing and holding the RESET button for 8 seconds changes the default IP address to 192.168.1.200. Holding the button for 12 seconds changes the IP address to 10.1.1.200 Warning: Shutting down, resetting, or reloading the system can cause interruptions in email delivery.
All your message log data and quarantine messages are deleted. System configuration remains in tact. However, you should verify that the configuration options are appropriate for outbound mode.
Result: A status bar displays the progress of switching your Barracuda Spam Firewall to outbound mode. Once the switchover completes, your Barracuda Spam Firewall automatically reboots.
download.
Outlook plug-in Version 1 Version 2 Description Allows users to classify messages as spam and not spam from their Microsoft Outlook client. Contains all the functionality of version 1 and adds the automatic whitelist feature. This feature automatically adds email addresses to the users individual whitelist based on the users behavior. The Outlook plug-in version 2 automatically whitelists the following: The recipient address within each message sent by the user after the new Outlook plug-in is installed. This only applies to messages sent outside of the local mail server. The senders email address for messages that the user classifies as not spam. All email addresses the user adds to their Contact list in Outlook.
Result: A link to the mail plug-in appears at the bottom of the Administration interface login page so users can download the plug-in, as shown in the following example:
Whitelist email addresses associated with sent messages and new contacts Move spam-declared messages to the Deleted Items folder in the users Outlook client Whitelist the 'From:' email address within 'Not-Spam'-declared messages.
An individual can change the default behavior of the Outlook plug-in by going to the Tools menu in their Outlook client and selecting Options | Spam Firewall tab.
Note: Turning this option on can cause a slight increase in mail scanning time as network (DNS) lookups will need to be performed.
URL Exemptions Exemptions can be made for specific URLs from Intention Analysis. Any messages containing the exempted URLs will still be scanned, but the messages will not be blocked, quarantined or tagged.
Reducing Backscatter
By default, your Barracuda Spam Firewall is configured to send a bounce notification (also known as a non-delivery report) to a sender when the Barracuda Spam Firewall blocks their email.This is done to alert legitimate senders that their message has not been delivered to the recipient. However, if the email came from an illegitimate source like a spammer then sending a bounce notification is not necessary. Sending bounce messages to illegitimate senders is known as backscatter. Backscatter can increase the load on your Barracuda Spam Firewall and may generate a lot of email to fake addresses. If your Barracuda Spam Firewall rarely blocks a legitimate email, consider turning off bounce notification to reduce backscatter. To turn off notifications:
1. Turn off virus notification: a. On the BASIC-->Virus Checking page, set the two Virus Notification settings to No. b. Click Save Changes. 2. Turn off bounce notifications: a. On the BASIC-->Spam Scoring page, set the Send Bounce field to No. b. Click Save Changes. 3. Turn off attachment notifications: a. On the BLOCK/ACCEPT-->Attachment Filtering page, set the Block Notification fields to No. b. Click Save Changes.
Chapter 4
Description Free or subscription blacklists that you want to use. After entering the external blacklist, specify the action you want performed. Click Add and then Save Changes when finished. You can locate blacklists on the Internet by searching for DNSBL or RBL. However, be cautious and use only trusted blacklists.
Blacklist Options
Delay RBL CheckDetermines whether RBL checks are performed after the RCPT TO is given. Setting this option to Yes causes RBL checks to run after the RCPT TO is given in the SMTP transaction. This allows the sender/recipient information to appear in the message log. Setting this option to No results in only the IP being available in the message log entry. Blacklist Using Full Header ScanSet to Yes to let the Barracuda Spam Firewall scan email headers for blacklisted IP addresses. Scanning headers can impact system performance because the Barracuda Spam Firewall needs to do a DNS lookup for each header. For this reason, you should only enable this feature if mail from the Internet is not delivered directly to the Barracuda Spam Firewall.
xbl.spamhaus.org
relays.ordb.org
bl.spamcop.net
IP Address Filters
Your mail server may have been hijacked by a spammer to be used for spamming. Your mail server is an open relay meaning any one can use it to send emails to any recipient without any authentication. Spammers used your domain as a fake sender to send spam to recipients.
If your domain or IP address is on a blacklist, you will need to contact the blacklist provider to have it removed.
IP Address Filters
The IP Block/Accept page lets you filter messages based on the senders IP network. The following table describes the filters on this page.
Filter Allowed IP Range Description Add any IP addresses or networks that you wish to add to your whitelist. To add an individual IP address, use a netmask of 255.255.255.255. Whitelisted IP addresses bypass spam scoring as well as all other blacklists, but do go through virus, attachment, body, and subject filters. Click Add after adding each entry, followed by Save Changes. Blocked IP Range Add any IP addresses or networks to your blacklist. To add an individual IP address, use a netmask of 255.255.255.255. To help you calculate the correct subnet mask for a range of addresses, use a subnet mask calculator. Blacklisted IP addresses/networks bypass all whitelists with the exception of IP address/network-based whitelists. You can specify whether the IP/Range should be blocked, quarantined or tagged. Click Add after adding each entry, followed by Save Changes.
Note: Use the Comment field to add any notes about the blocked IP address. This is useful if more than one person manages your Barracuda Spam Firewall.
Note: If more than one person manages your Barracuda Spam Firewall, you may want to add an explanation in the Comment field that describes why the specified domains are whitelisted or blocked.
Note: If more than one person manages your Barracuda Spam Firewall, you may want to add an explanation in the Comment field that describes why the specified addresses are whitelisted or blocked.
Note: If more than one person manages your Barracuda Spam Firewall, you may want to add an explanation in the Comment field that describes why the specified domains are whitelisted or blocked.
Description Select Yes for the system to block messages that contain passwordprotected archive files (such as zip files). Password-protected archives cannot be scanned for file extensions. For this reason, you may want to block these type of archives.
Block Notification Notify intended receiver of Banned File Interception Notify sender of Banned File Interception Attachment Quarantine Quarantined Attachment Extensions Quarantine Extensions in Archives Add the attachment extensions (without the .) to quarantine. The complete email containing the attachment is sent to the quarantine account. Select Yes for the system to scan the contents archive files (such as zip files) for the extensions you want to quarantine. The Barracuda Spam Firewall quarantines the entire message if it has an archive file containing one of these extensions. Select Yes for the system to quarantine messages that contain passwordprotected archive files (such as zip files). Password-protected archives cannot be scanned for file extensions. For this reason, you may want to block these type of archives. Select Yes to notify recipients when an incoming email has been blocked because it contained a banned file extension. Select Yes to notify senders when one of their emails has been blocked because it contained a banned file extension.
You can enter multiple lines for each filter, but each line should contain one regular expression or word. Each line is applied independently. HTML comments and tags imbedded between characters in the HTML source are filtered out so content filtering applies to the actual words as they appear when viewed in a Web browser.
Body Filter
Body Filter
The Body Filtering page lets you filter messages based on the contents of a messages body. The following table describes the parameters on this page. Click Save Changes after making any changes.
Filter Message Content Blocking Message Content Quarantine Message Content Tagging (inbound mode only) Message Content Whitelisting Description Enter the words, regular expressions, or characters that will cause a message to be blocked if they appear in the message body. Enter the words, regular expressions, or characters that will cause a message to be quarantined if they appear in the message body. Enter the words, regular expressions, or characters that will cause a message to be tagged if they appear in the message body. Enter the words, regular expressions, or characters that will cause a message to be whitelisted if they appear in the message body.
You can enter multiple lines for each filter, but each line should contain one regular expression or word. Each line is applied independently. HTML comments and tags imbedded between characters in the HTML source are filtered out so content filtering applies to the actual words as they appear when viewed in a Web browser.
Header Filter
The Header Filtering page lets you filter messages based on the contents of a messages header. The following table describes the parameters on this page. Click Save Changes after making any changes.
Filter Header Blocking Header Quarantine Header Tagging (inbound mode only) Header Whitelisting Description Enter the words, regular expressions, or characters that will cause a message to be blocked if they appear in the email header. Enter the words, regular expressions, or characters that will cause a message to be quarantined if they appear in the email header. Enter the words, regular expressions, or characters that will cause a message to be tagged if they appear in the email header. Enter the words, regular expressions, or characters that will cause a message to be whitelisted if they appear in the email header.
You can enter multiple lines for each filter, but each line should contain one regular expression or word. Each line is applied independently. HTML comments and tags imbedded between characters in the HTML source are filtered out so content filtering applies to the actual words as they appear when viewed in a Web browser.
Header Filter
Chapter 5
You enable quarantine and set the type to per-user. For more information on enabling quarantine, refer to Setting Up Quarantine Policies on page 37. The Barracuda Spam Firewall receives an email that needs to be quarantined.
When these two circumstances occur, the system does the following:
1. Checks the recipient email address against its database.
To increase security, you can configure the Barracuda Spam Firewall to validate the receiving email address (using LDAP or the SMTP command RCPT TO) before it creates an account. This helps prevent the Barracuda Spam Firewall from creating accounts for invalid users.
2. If the address does not exist, the system creates a new user account for the recipient.
The Barracuda Spam Firewall uses the email address of the recipient as the username of the account and then auto-generates a password.
3. Sends the user the login information so they can access their quarantine inbox. 4. Places the quarantined message in the recipients quarantine inbox. 5. Sends a quarantine summary report to the user.
Because the Barracuda Spam Firewall automatically creates user accounts, you should never need to manually add new accounts to the system.
Chapter 5
Edit a users account settings by logging in to their quarantine interface Delete user accounts Change the password of specific accounts.
Message Count
Note: The wildcard is applied to the right of the pattern. This means if you search for 'bob' then bob@domain.com and bobby@domain.com will match, but not billybob@domain.com.
Account (*pattern) Displays only the accounts that match the full or partial usernames entered in the Pattern textbox. The matches apply across all domains on the Barracuda Spam Firewall.
Note: The wildcard is applied to the left of the pattern. This means if you search for 'domain.com' then user@domain.com and user@corp.domain.com will match, but not user@domain1.com.
Quarantined Enabled Quarantined Disabled Spam Scan Enabled Spam Scan Disabled Displays all accounts with quarantined enabled. Displays all accounts with quarantined disabled. Displays all accounts with spam scanning enabled. Displays all accounts with spam scanning disabled.
Check the messages within a users quarantine inbox. Modify a users spam and quarantine settings. Add email addresses to a users whitelist or blacklist to resolve why that user is not receiving legitimate mail or receiving a large amount of spam.
Result: A new page opens that displays the end user quarantine interface.
3. Use the QUARANTINE INBOX and PREFERENCES tabs to make the necessary changes.
Chapter 5
It can take many hours to remove all invalid accounts. It takes the system about 1-2 seconds to verify each valid account and about 3-5 seconds to remove an invalid account. To stop the removal process, click the stop button in the status/log display that pops up when the process begins. You can close the administration interface at any time without disrupting the account removal process. The Barracuda Spam Firewall also removes all messages stored in an invalid users quarantine.
Note: If you set this value to No, the quarantine settings configured by the user do not take effect.
Spam Scan Enable/Disable Ability Determines whether your users can enable/disable spam scanning of their incoming messages. If you set this value to No, all users messages are scanned for spam based on: The settings configured on the BASIC-->Spam Scoring page, or The per-domain settings configured on the DOMAINS tab by clicking Edit Domain. For more information, refer to Editing Domain Settings on page 64.
Note: If this value is set to Yes and a user has disabled spam scanning, that users spam scanning will be re-enabled when you change Spam Scan Enable/Disable Ability to Yes.
Description Determines whether your users can change how often they receive the quarantine summary notification. If you set this value to No, all users receive notifications based on the frequency specified in the Quarantine Notification setting on the BASIC-->Quarantine page.
Note: If this value is set to Yes, and a user changes their notification interval, that users change is preserved when you change the Notification Change Ability to No.
Whitelist/ Blacklist Ability Determines whether your users can add email addresses and domains to their personal whitelist and blacklist.
Note: If this value is set to Yes and a user adds entries to their whitelist and blacklist, those additions are ignored when you change Whitelist/Blacklist Ability to No.
Use Bayesian Ability Scoring Change Ability Determines whether your users can view and edit their Bayesian database. Determines whether your users can change the levels at which their messages are tagged, quarantined, or blocked. If you set this value to No, all messages are scored based on: The settings configured on the BASIC-->Spam Scoring page, or The per-domain settings configured on the DOMAINS tab by clicking Edit Domain. For more information, refer to Editing Domain Settings on page 64.
Note: If this value is set to Yes and a user changes their spam scoring, that users changes are not preserved when you change Scoring Change Ability to No.
User Features Override Use this section to provide specific user accounts with different features than specified in the Default User Features section. In the User Accounts box, enter the email addresses for the accounts you want to override, and then specify the features for these accounts. Click Save Changes when finished.
Example
One of the most common scenarios for overriding quarantine settings is when you want to provide a few users with a quarantine inbox on the Barracuda Spam Firewall, and have the rest of your users receive quarantine messages in their standard email inbox. Providing a user with a quarantine inbox gives them greater control over how their messages are quarantined, but also requires them to manage their quarantine queue. For this reason, you may only want to provide a quarantine inbox to a subset of power users. In this example, you would do the following:
Set the quarantine type to per user (for more information, see Specifying the Quarantine Type on page 38)
Chapter 5
Set the quarantine default to disabled so users are not set up with a quarantine inbox on your Barracuda Spam Firewall (for more information, see Specifying the Per-User Quarantine Settings on page 39) Enter the email addresses of the users you want to have a quarantine inbox and set Enable Quarantine Inbox to Yes. Refer to the next section for more information.
to override.
2. Select whether the user accounts you listed are enabled with the user quarantine feature.
For a description of the user quarantine feature, refer to Specifying the Quarantine Type on page 38. Note: If you enable the user quarantine, you should disable aliases and public folders so no per-user accounts are created for these items.
3. Select the option to email login information to the new users. To view an example greeting email
For information on assigning additional features to user accounts, refer to page 60.
Download Backup File to save the last backup file to a specified location. Create Backup File Now to create a new backup file instead of saving the backup file that already exists.
2. Save the user setting backup file (pu_config.tgz) to your local system.
Size restrictions that determine how large each users quarantine can be Age restrictions that determine the period of time messages are kept in a users quarantine area
It is recommended you train your users to manage their own quarantine areas and not rely on the retention policies to automatically remove messages. Relying on the Barracuda Spam Firewall to automatically manage quarantine areas can impact system performance. In addition to using retention policies to manage quarantine areas, you can also use the USER--> Accounts View page to view the size of each users quarantine area. You can then contact users directly if they have a large quarantine area that they need to manage. Note: When you enable retention policies, keep in mind that if your system has been accumulating mail without retention policies then the first day retention policies are enables will have an impact on system performance. The longer a system runs without retention policies the larger the performance impact will be. After the first day or two, the load will stabilize as the system is able to keep large quarantine fluctuations to a minimum. Retention policies are run starting at approximately 02:30 AM.
server, and click Add Domain. Result: The domain appears in the table.
3. Click Edit Domain next to the domain you just added.
Chapter 5
on the Barracuda Spam Firewall 400 and above. Note: Setting values on a per-domain basis override the values configured elsewhere in the administration interface.
Setting Destination Server and Destination Port Use MX Records Valid Test Email Address Description The hostname and destination port of the mail server associated with the selected domain. To designate a failover destination server, enter a second hostname separated by a space. Whether MX lookups are performed on the specified Destination Server. Enter a valid email address to test whether the Barracuda Spam Firewall can filter messages for the selected domain, and click Test SMTP Connection. Then check the Message Log and verify the test message appears in the log and make sure the message is delivered to the test email address. The test email has a "from'' address of smtptest@barracudanetworks.com. Realm Name The name of the realm as displayed to users in the Realm Selector as well as in the Domain Settings for administrators. A realm is a database of usernames and passwords that identify valid users, plus the list of roles associated with each valid user. Tag Score, Quarantine Score, Block Score For information on spam scoring, refer to Configuring the Global Spam Scoring Limits on page 36.
Note: These domain settings override the global settings configured on the BASIC-->Spam Scoring page. But the individual spam scoring settings configured by the user in their PREFERENCES-->Spam Settings page override the domain settings.
Per-User Quarantine Determines the quarantine type for the domain. Selecting Yes sets the quarantine type to Per-User. Selecting No sets the quarantine type to Global. For information on quarantine types, refer to Specifying the Quarantine Type on page 38. Specifies the address for the global quarantine email address for the domain. For more information, refer to Specifying the Global Quarantine Settings on page 38. Lets you enable or disable spam and virus checking for the domain. Whether the Barracuda Spam Firewall prevents outside individuals from sending mail using your domains as the from address. Setting this option to Yes blocks all email addressed from a domain for which the Barracuda Spam Firewall receives email. You should only enable this option if all email from your domains goes directly to your mail server and not through the Barracuda Spam Firewall.
Global Quarantine Email Address Spam Scan Enabled, Virus Scan Enabled Spoof Protection
Using LDAP for User Authentication on page 65 Impact of a Down LDAP Server on page 67 Common LDAP Settings for Standard Mail Servers on page 67
authentication.
3. Scroll down to the Edit LDAP settings section and fill in the required information.
Chapter 5
Description LDAP supports two modes for secure communications. LDAPSThe original mode typically used with version 2 of the LDAP protocol. LDAPS is a traditional out-of-band SSL/TLS connection where SSL/TLS is first negotiated and then the LDAP protocol is spoken over this channel. The port for LDAPS is usually 636. StartTLSIntroduced with version 3 of the LDAP protocol. In this mode, an unsecured LDAP connection is initially made. The client then tells the server it wishes to upgrade to SSL/TLS. If the server supports it and its policy allows StartTLS, then SSL/TLS is negotiated and all further communication occurs securely. The StartTLS capability can be offered on the same port as plain-text LDAP and therefore is typically the default port 389. If SSL/TLS is off, then LDAP communications will occur in plain-text. This is often desirable if the network between your Barracuda Spam Firewall and your LDAP server(s) is private and/or anonymous authentication is used (meaning no username/DN and password is sent). Plain-text LDAP is significantly more efficient than LDAP over SSL/TLS because SSL/TLS can introduce significant processing delays, especially when connecting to the LDAP server.
If SMTP over TLS/SSL is enabled then passwords will not be sent in clear text if both sending and receiving systems support TLS/SSL. If one system does not support TLS/SSL, then traffic between the systems will not be secured/encrypted. If you enable this option and an LDAP connection cannot be made or the StartTLS LDAP command is not supported or disallowed, then the LDAP connection fails.
The LDAP port used to communicate with the Exchange server. By default, this port is 389. The username for the LDAP/Exchange server. To determine the fully-qualified username, open Active Directory, go into Active Directory Users and Computers and double-click on the user account in question. Under the Account tab, use the User Login Name plus the @xxx.xxx that follows as the LDAP username. The password for the LDAP/Exchange server. The custom LDAP filter to apply to this domain (optional). The starting search point in the LDAP tree. The default value looks up the 'defaultNamingContext' top-level attribute and uses it as the search base. If you have two domains under one forest, and you want to authenticate both domains using the same LDAP server, use an LDAP search base of DC=com and LDAP port of 3268. This allows for a complete search under the .com domain and a Global Catalog default connection.
The email address to use to verify that LDAP lookups are working correctly. Click Test LDAP after entering this address.
<Domain> should be the NT domain name and not the e-mail domain (unless they are the same). The "admin" suffix is necessary to validate hidden recipients.
Leave the LDAP filter and Search Base at the default setting. Microsoft Exchange 2003 Lotus Domino receiving messages for one domain One of the best filters is: (|(proxyaddresses=smtp:${recipient_email})(mail=${recipient_email})) LDAP username: username@domain.com LDAP filter: (|(mail=${recipient_email})(cn=${recipient_local_part})(shortname=${recipi ent_local_part})(fullname=${recipient_local_part})) If your Lotus Domino server receives messages for two domains, but the Name and Address book is only configured with a single Internet address for each user, use the following filter so LDAP can authenticate both domains: (|(mail=${recipient_email})(cn=${recipient_email})(uid=${recipient_email})) Example: UserName@abc.com can receive mail addressed to UserName@abc.com OR UserName@xyz.com and performing an LDAP test works on UserName@abc.com but fails on UserName@xyz.com. Using this filter enables LDAP to authenticate both domains. Novell Groupwise LDAP username: cn=username,o=organization Leave the LDAP filter and Search Base the same.
Chapter 5
Chapter 6
Advanced Administration
This chapter covers the following tasks that you can perform from the ADVANCED tab:
Modifying the Email Protocol Settings Configuring Message Rate Control Activating Individual Accounts Backing Up and Restoring System Configuration Updating Spam and Virus Definitions Using Energize Updates Updating the System Firmware Version Customizing the Appearance of the Administration Interface Using a Syslog Server to Centrally Manage System Logs Setting up Trusted Relays and SASL/SMTP Authentication Customizing the Outbound Footer Configuring the Network Interfaces on Models 600 and Above Setting Up Clustered and Standby Systems Implementing Single Sign-on Enabling SSL Detecting Spam in Chinese and Japanese Messages Customizing Non-Delivery Reports (NDRs) Troubleshooting Generating System Reports Enabling SMTP over TLS/SSL Using the Task Manager to Monitor System Tasks Replacing a Failed System Rebooting the System in Recovery Mode page 70 page 72 page 72 page 73 page 75 page 76 page 76 page 77 page 78 page 79 page 79 page 79 page 83 page 84 page 86 page 86 page 88 page 89 page 91 page 91 page 91 page 92
Note: In most cases you should not need to change any of the default settings described in this section. It is recommended you talk to Barracuda Networks technical support before performing any of these tasks.
Chapter 6
Advanced Administration 69
Mail Protocol (SMTP) Checking SMTP HELO Required Whether mail clients connecting to the Barracuda Spam Firewall need to introduce themselves with a SMTP HELO command. Selecting Yes for this option may stop automated spam-sending programs used by spammers. The default setting is No. Enforce RFC 821 Compliance Whether the Barracuda Spam Firewall requires that the SMTP "MAIL FROM" and "RCPT TO" commands contain addresses that are enclosed by < and >. It also requires that the SMTP "MAIL FROM" and "RCPT TO" commands do not contain RFC 822 style phrases or comments. Setting this option to Yes stops messages sent from spam senders but also from some Windows mail programs (such as Microsoft Outlook) that do not adhere to the RFC 821 standard. For this reason, the default setting is No. Require Fully Qualified Domain Names Reject Fake From domains Sender Spoof Protection (inbound mode only) Whether the Barracuda Spam Firewall requires fully qualified domain names. Whether the Barracuda Spam Firewall rejects email sent from domains that do not have an entry in DNS. Whether the Barracuda Spam Firewall prevents outside individuals from sending email using this domain as the from address. Setting this option to Yes blocks all email addressed from a domain for which the Barracuda Spam Firewall receives email. You should only enable this option if all mail from your domains goes directly to your mail server and not through the Barracuda Spam Firewall. SPF/Caller ID Configuration (inbound mode only) Sender Policy Framework/ Microsoft SenderID Framework: SPF (Sender Policy Framework) and Microsoft SenderID Framework are checks that can help the Barracuda Spam Firewall distinguish between spam and legitimate messages. Enabling this feature impacts the performance of the Barracuda Spam Firewall due to the multiple DNS queries needed to retrieve a domain's SPF or SenderID record (if it exists). Turning on this option causes messages that fail this test to be blocked. The default setting for this setting is No. How SPF works Domain owners identify the addresses of their sending mail servers in DNS. When an SMTP receiver (like the Barracuda Spam Firewall) gets a message, it checks the sending mail server address contained in the message against the domain owners DNS records. If this check does not find a record for the sending mail server, the message is assumed to be spam. Trusted Forwarder IP The Trusted Forwarder IP address is a list that contains the IP addresses of any machines that you have set up to forward email to the Barracuda Spam Firewall from outside sources. The Barracuda Spam Firewall ignores any IP address in this list when performing SPF/SenderID checks. Instead, the next IP address in the Received headers list is tried.
Setting
Description
Incoming SMTP Timeout Incoming SMTP Timeout Sets a limit on the time spent on an incoming SMTP transaction. The default is 30 seconds. Setting a time limit on SMTP transactions prevents spammers from maintaining open connections to the Barracuda Spam Firewall that can impact system resources. Messages in SMTP transactions that go over this threshold show up on the Message Log page as being blocked with a reason of timeout. SMTP Messages Per Session (inbound mode only) Messages per SMTP session Sets a limit on the number of messages in one SMTP session. If the number of messages in one session exceeds this threshold the rest of the messages are blocked and show up in the message log as being blocked with a reason of Per-Connection Message Limit Exceeded.
SMTP Welcome Banner SMTP Welcome Banner Whether the Welcome Banner is presented to the SMTP client connecting to the Barracuda Spam Firewall. This value should be unique to make it easy for you to identify the system presenting the Welcome Banner. This value can be left blank for the Barracuda Spam Firewall to manage the setting. Barracuda Headers Remove Barracuda Headers Removes Barracudas custom X-headers that are applied before a message leaves the system. It is recommended you do not remove Barracuda headers because they contain the reason a message is tagged, quarantined or blocked. This information makes it easier to troubleshoot message handling issues.
Note: Only accounts added to the Email Address list receive spam and virus protection. However, RBLs, rate control, and recipient validation are applied to all incoming mail regardless of this list.
Desktop backupA one-time only backup that stores the backup file on your local desktop. Automated backups (recommended)Recurring backups that you schedule.
Note: Do not edit the backup files. Any configuration changes you want to make need to be done through the administration interface. The configuration backup file (barrcuda.conf) contains a checksum that prevents the file from being uploaded to the system if any changes are made. The following information is not included in the desktop or automated backup:
2. Click Backup and save the configuration file to a directory on your local system.
Server Name/IP
Field Port (optional) Username Password Folder/Path Test Backup Server Backup Schedule
Description The port to use for the FTP or SMB server. The username that the Barracuda Spam Firewall should use to log into the backup server. The password that the Barracuda Spam Firewall should use to log into the backup server. The folder, path, or share name to store the backup files on the backup server. Before enabling automated backups, we recommend you test the backup settings you specified by clicking Test Backup Server. Lists the components you can include in your backup and the scheduled backup time for each. You can select the following components to back up: System ConfigurationAll global and system settings (less system password, system IP, and DNS information) User settingsAll user settings except the individual user Bayesian databases Bayesian dataAll global Bayesian data Quarantine dataAll quarantine data After selecting the components, specify the frequency of the backups (daily or weekly).
Backups to keep
The number of backups to keep on the backup server at one time. When this limit is reached, the oldest backup file is removed to make room for the latest.
Then... 1. Click Browse next to the Restore Backup File. 2. Locate the configuration backup file (barracuda.conf) and click Restore.
1. Click Browse near the Restore Auto Backup field. 2. Locate the auto backup file you want to restore based on the timestamp, and click Restore.
3. If you are restoring configuration on a replacement Barracuda Spam Firewall, update the following:
Virus and spam definitions (from the ADVANCED-->Energize Updates page) Firmware (from the ADVANCED-->Firmware Update page)
Previous Version Automatically Update Virus Definitions Virus Definition Update Frequency
This button will be disabled if the Barracuda Spam Firewall already has the latest firmware version.
3. After downloading the firmware version, activate it by doing the following: a. Log out of the administration interface. b. Log back into the administration interface and go to the ADVANCED-->Firmware Update page. c. Click Apply.
Result: When activating the downloaded firmware, the Barracuda Spam Firewall resets. After the reset your email automatically continues to be filtered.
Description
Shows the current image that will be used in quarantine messages sent to users. This preview updates once you upload a new image to the system. To use a custom image in quarantine emails, click Browse, select the image, and click Upload Now. The uploaded image appears in the upper left corner of the quarantine email. The recommended image size is 159x64 pixels and must be a jpg, gif, or png file under 100k. The color of the table header background used in quarantine emails. Use a standard HTML hex code for this value. The color of the table header font used in quarantined emails. Use a standard HTML hex code for this value. Clears custom quarantine settings and reverts back to the default image and colors.
Cluster Set up Process on page 80 Data Propagated to the Clustered Systems on page 81 Field Descriptions for the Clustering Page on page 81 Impact of Changing the IP Address of a Clustered System on page 82
are running. Complete this step for the Barracuda2 system as well. No processes should be running when you add a system to a cluster.
3. From the ADVANCED-->Clustering page on the Barracuda1 system, enter the shared secret
Cluster.
c. Click Save Changes. 5. On each Barracuda system, refresh the ADVANCED-->Clustering page, and verify that:
Each systems IP address appears in the Clustered Systems list The status of each server is green The following example shows two servers in a cluster with a green status.
Setup the MX record for each clustered system as a round robin in DNS (requires at least two systems in the cluster to be in an active state). Configure your network switch to balance the load on each clustered system. Load balancing controls traffic shaping whereas round robin directs traffic to the other clustered system if one fails.
Note: A new system propagates its Bayesian database only once when it first joins the cluster. The clustered systems do not synchronize their Bayesian databases with each other. For this reason, you may want to periodically backup each systems Bayesian database and upload the backup file to the other clustered systems so they all have consistent policies. Synchronization will be added to a future firmware release Each user account has a primary and backup server in the cluster. The primary is the server that first joins the cluster, and the secondary is the next server joining the cluster. There are always two servers at all times that have the same information (configuration and quarantine messages).
Description
Enter the IP address or host name of one of the Barracuda Spam Firewalls in the cluster to join, and click Join Cluster. Once this system joins the cluster, the following happens: Configuration settings are pulled from the cluster and some of these settings override the settings on this system. User lists on this system are synced with the cluster so no user accounts are lost.
Cluster System lists the other systems in this cluster. Mode specifies whether a system is Standby or Active. Designate a server as Standby if you want a spare system to switch to in the event another system goes down. Only Active servers filter incoming messages. You must manually switch a standby server to Active if you want the standby server to begin filtering messages. The switchover does not automatically occur when an active server fails. Status displays whether each system is up and running (green dot) or down (red dot).
Local Host Map Host Name / IP Address Maps a local host name to an IP address for a system in the cluster. This mapping results in a local override of DNS hostname-to-IP address lookups. Click Add after specifying each new entry. This mapping is not synchronized with other systems in the cluster. Use the local host map feature when: There are clustered Barracuda Spam Firewalls on different private networks and systems on the same private network must communicate using the private IP address of the other systems while systems on different networks must communicate using the public IP address of the other systems. Different clustered Barracuda Spam Firewalls need to forward to different destination mail servers. In this case, the Destination Server field on the Domain configuration page could be "localmail" and each Barracuda Spam Firewall in the cluster would have a different IP address assigned to "localmail" in the Local Host Map field.
Advanced Single Sign-on Configuration Realm Name The name of the realm as displayed to the users in the Realm Selector on the login page as well as in the Domain Settings for the administrator. This is a required field. Controls the type of realm that is created. Available options include: LOCAL (where the Barracuda Spam Firewall controls the password) LDAP (where the password is maintained in an external LDAP database) RADIUS (where the password is maintained in a RADIUS database) POP (where the password is maintained in an external POP server) Auth. Host The name of the LDAP, RADIUS, or POP server that the Barracuda Spam Firewall attempts to connect to for authentication purposes. This field is ignored for LOCAL authentication. The port the Barracuda Spam Firewall uses to connect to the LDAP, RADIUS, or POP server for authentication purposes. This field is ignored for LOCAL authentication. If using LOCAL authentication, this field is ignored. If using LDAP authentication, this field contains the template for the username the Barracuda Spam Firewall attempts to bind with (for example: cn=__USERNAME__,dc=mydomain,dc=com). The __USERNAME__ is replaced with both the full email address and the username portion. If using RADIUS authentication, this field should contain the RADIUS shared secret. Auth. Default Determines which realm is used as the default if a user does not select one or they fail login at their selected realm.
Auth. Type
Auth. Port
Username Template
Enabling SSL
Enabling SSL
The ADVANCED-->SSL page lets you enable SSL on your Barracuda Spam Firewall. Click Save Changes after making any changes. One of the most common reasons to enable SSL is to ensure user passwords remain secure. When using the Single Sign-on feature (covered in Implementing Single Sign-on on page 83), you should also use SSL because Single Sign-on may require passwords be passed to the Barracuda Spam Firewall in their original, unencrypted form. If you are not using Single Sign-On, SSL is not required to keep your passwords secure. SSL not only ensures that your passwords are encrypted, but also ensures that the rest of the data transmitted to and received from the administration interface is encrypted as well. The following table describes the fields on the ADVANCED-->SSL page.
Field Description
Web Interface HTTPS/SSL Configuration HTTPS/SSL access only: Select Yes to enable SSL and only allow access to the Administration interface via SSL. Select No to use standard HTTP access.
Note: Once you enable SSL, any user who tries to log into the administration interface using http will be automatically redirected to the https equivalent address.
Use HTTPS links in emails Whether the Barracuda Spam Firewall uses https:// (instead of http://) in the links included in system emails. This applies to daily system reports, quarantine emails, and system alerts that are sent out by the system. This setting does not apply to emails sent out by users. This setting is automatically set to Yes when you enable HTTPS/SSL access. Web Interface HTTPS/SSL port The SSL port used by the Barracuda Spam Firewall. Default port for SSL is 443.
SSL Certificate Configuration Certificate Type Select one of the following certificates for SSL: Default (Barracuda Networks) certificates are free but generate browser alerts. The default certificate is signed by Barracuda Networks and provided free as the default type of certificate. Private (self-signed) certificates provide strong encryption without the cost of purchasing a certificate from a trusted certificate authority (CA). However Web browsers cannot verify the authenticity of the certificate and therefore display a warning every time a user accesses the administration interface. To avoid this warning, download the private root certificate and import it into your browser. Trusted certificates are issued by trusted Certificate Authorities (CA), which are usually recognized by your Web browser so no additional configuration is required.
Enabling SSL
Field
Description
Certificate Generation Organization Info The information stored in your certificates and Certificate Signing Requests. Provide the following information: Common Name is the fully qualified domain name used to access the administration interface. For example: "barracuda.yourdomain.com" Country is the two-letter country code where your organization is located. State or Province Name is the full name of the state or province where your organization is located. Locality Name is the city where your organization is located. Organization Name is the legal name of your company or organization. Organization Unit Name is an optional field in which to specify a department or section within your organization. Download Certificate Signing Request (CSR) Download Private key Download Private Root Certificate Click Download to obtain a certificate signing request that is required to purchase a signed certificate from a trusted certificate authority. The certificate is generated with a 1024-bit key length. Click Download to obtain a copy of the private key used for the CSR. The certificate authority where you purchased your certificate may ask for this key, which is only available after you download a CSR. Click Download to obtain the private root certificate and import it into your Web browser. This is recommended if you selected a Private certificate type. Once you have imported the certificate, your Web browser is able to verify the authenticity of the Barracuda Spam Firewalls SSL certificate, and should no longer issue a warning when you visit the administration interface. Trusted Certificate Upload Signed Certificate After purchasing the certificate using the CSR, browse to the location of the certificate and click Upload. Once you upload the certificate, your Barracuda Spam Firewall automatically begins using it. Once you have uploaded your signed certificate, make sure Trusted is selected for the Certificate Type (described above). Upload Private key After downloading the private key, browse to the location of the key and click Upload.
Select NDR Language Default Language Select the language to use for the default non-delivery reports. The Barracuda Spam Firewall automatically translates the default NDR messages to the language you specify. To customize the information in an NDR:
1. From the Default Language drop-down menu, select Custom. 2. Click Save Changes. 3. Enter your customized text in the message boxes provided. 4. Click Save Changes.
Note: If you customize NDRs and then later switch back to a predefined language, you lose all customization and the Barracuda Spam Firewall reverts back to the default message for the specified language.
Field Customized NDRs Banned File (recipient) Banned File (sender) Spam (sender)
Description
When a message containing an attachment type that has been banned d is sent to a user, the Barracuda Spam Firewall blocks the incoming message and sends this notice to the intended recipient of the email. When someone sends a message containing an attachment type that has been banned, the Barracuda Spam Firewall blocks the outgoing message and sends this notice to the sender of the email. When the Barracuda Spam Firewall blocks a message because it was determined to be spam, the Barracuda Spam Firewall sends this notice back to the message sender. When the Barracuda Spam Firewall determines that a message contains a virus, it sends this notice to the intended recipient of the blocked message. When the Barracuda Spam Firewall determines that a message contains a virus, it sends this notice to the sender of the message.
The following table describes the supported macros you can use in NDRs.
Macro %f %C %d %m %j %s %S Description The Barracuda Spam Firewall administrator's email address (typically used in 'From:' header of NDRs). The list of recipients to be used in the Copy To (Cc:) header of the NDR. RFC 2822 date-time (current time). The Message-ID header field body. The Subject header field body. The original envelope sender, rfc2821-quoted and enclosed in angle brackets. The address that receives sender notification. This is normally a one-entry list containing sender address (%s), but may be unmangled/reconstructed in an attempt to undo the address forging done by some viruses. The output of the (last) virus checking program. The list of banned file names.
%v %F
Troubleshooting
Troubleshooting
The ADVANCED-->Troubleshooting page provides various tools that help troubleshoot network connectivity issues that may be impacting the performance of your Barracuda Spam Firewall. The following table describes each troubleshooting tool provided with the system.
Troubleshooting Tool Support Diagnostics Establish Connection to Barracuda Central If you need help troubleshooting and diagnosing an issue, click this button to establish a connection to Barracuda Central and provide the Barracuda Networks support engineer with the serial number displayed. You can click the Stop button to terminate all connections to your Barracuda Spam Firewall when the work is complete. Description
Network Connectivity Ping Device Sends a ping request from your Barracuda Spam Firewall to the specified system. Enter the IP address or hostname of the system you wish to ping (as well as any ping options you want to provide) and click Begin Ping to start the test. Attempts to establish a telnet session from your Barracuda Spam Firewall to the specified system. This session is non-interactive. Use this test to verify connectivity and initial response from a remote server. Enter the IP address or hostname you wish to telnet to (as well as any options you wish to provide), and click Begin Telnet to start the test. Dig/NS-lookup Device Performs a Dig command on your Barracuda Spam Firewall. Dig is a more advanced nslookup command that you can use to lookup any type of DNS record. Enter the IP address or hostname you wish to perform a dig against (as well as any options you wish to provide), and click Begin Dig to start the test. For example to lookup MX records, enter mx mydomain.com. TCP Dump Performs a tcpdump on your Barracuda Spam Firewall to monitor network traffic. Enter any information you wish to provide for monitoring the connection (as well as any option to adjust the tcpdump output; for example: -x -X port 53) and click Begin TCP Dump to start the test. Traceroute Device Performs a traceroute from the Barracuda Spam Firewall to the specified system to determine routes used. Enter the IP address or hostname of the destination server and click Begin Traceroute to start the test.
Telnet Device
Then... Enter the email address for each recipient in the field provided and click Email Report. Separate each address by a comma. Emailed reports will be added to a queue shown in the Pending Reports section. Only one report can be created at a time to prevent overloading the Barracuda Spam Firewall. If a report takes a long time to generate you can cancel the report to free up system resources.
Note: Selecting Show Report (instead of emailing the report) can consume a lot of resources on the Barracuda Spam Firewall. As a result, you should use discretion when specifying the span of time for a displayed report. Reports over 7 days in length can only be generated if you select to email the report.
Example Report
The following example shows a Top Spam Senders report in a vertical bars format.
Clustered environment setup Configuration and Bayesian data restoration Invalid users removal
If a task takes a long time to complete, you can click the Cancel link next to the task name and then run the task at a later time when the system is less busy. The Task Errors section will list an error until you manually remove it from the list. The errors are not phased out over time.
Use the built-in troubleshooting tools to help diagnose the problem. For more information, see Troubleshooting on page 88. Perform a system restore from the last known good backup file. Contact Barracuda Networks Technical Support for additional troubleshooting tips.
As a last resort, you can reboot your Barracuda Spam Firewall and run a memory test or perform a complete system recovery, as described in this section.
Clicking the Restart button on the BASIC-->Administration page. Pressing the Power button on the front panel to turn off the system, and then pressing the Power button again to turn back on the system. Result: The Barracuda splash screen displays with the following three boot options:
Barracuda Recovery Hardware_Test
3. Use your keyboard to select the desired boot option, and press Enter.
You must select the boot option within three seconds of the splash screen appearing. If you do not select an option within 3 seconds, the Barracuda Spam Firewall defaults to starting up in the normal mode (first option). For a description of each boot option, refer to Reboot Options on page 93.
Reboot Options
The following table describes the options available at the reboot menu.
Reboot option Barracuda Description Starts the Barracuda Spam Firewall in the normal (default) mode. This option is automatically selected if no other option is specified within the first three seconds of the splash screen appearing. Displays the Recovery Console where you can select the following options: Perform Filesystem RepairRepairs the file system on XFS-based Barracuda Spam Firewalls. Select this option only if the serial number on your Barracuda Spam Firewall is below 24364; otherwise select the Perform Full System Re-image option. Perform Full System Re-imageRestores the factory settings on your Barracuda Spam Firewall s and clears out the Bayesian database as well as quarantine email and configuration information. Select this option if the serial number on your Barracuda Spam Firewall is 24364 or above. Enable remote administrationTurns on reverse tunnel that provides Barracuda Networks technical support to access the system. Another method for enabling remote administration is to click Establish Connection to Barracuda Central on the Advanced-->Troubleshooting page. Run diagnostic memory testRuns a diagnostic memory test from the operating system. If problems are reported when running this option, we recommend running the Hardware_Test option next. Hardware_Test Performs a thorough memory test that shows most memory related errors within a two-hour time period. The memory test is performed outside of the operating system and can take a long time to complete.
Recovery
Chapter 7
Chapter 7
SentOccurs when the outgoing message is successfully sent to the intended recipient. AbortedOccurs when the receiving email server is down, the recipient email address is incorrect or no longer valid. DeferredOccurs when the rate control threshold is exceeded. For more information about rate control, refer to Configuring Message Rate Control on page 101.
The Action column also shows when an outgoing message has been quarantined or blocked due to a policy violation. For a description of the other columns that also appear with inbound mode, refer to Monitoring the Message Log on page 32.
Note: Spam Scoring must to set to Yes for the quarantine score to take effect.
Block Score Messages with a score above this threshold are not delivered to the recipient and the Barracuda Spam Firewall sends a non-delivery receipt (NDR/bounce message) to the sender.
Note: Spam Scoring must to set to Yes for the quarantine score to take effect.
Intent Analysis Intent Analysis When Intent Analysis is turned on, your Barracuda Spam Firewall tries to match the URLs contained in outgoing messages against a local database of URLs known for sending spam. If the system finds a match, the outgoing message that contains the offending URL is automatically blocked. Systems configured for outbound mode have Intent Analysis turned off by default.
Note: The local database that contains the list of offending URLs is updated on a regular basis by Energize Updates.
Realtime Intent Analysis When this option is set to Yes, your Barracuda Spam Firewall tries to match the URLs contained in outgoing messages against the live Barracuda Central database that contains the latest list of URLs known for sending spam. The Barracuda Central database can be slightly more up-to-date than the local database used when Intent Analysis is turned on. However, using realtime intent analysis can increase the time it takes to scan messages. URL Exemptions Lists the URLs that should not be classified as offending URLs even if there is a match found during intent analysis. It is recommended you enter URLs that are commonly included in your outgoing messages.
Note: You do not need to include http:// in front of the URLs you add to this list.
Spam Bounce (NDR) Configuration Send Bounce By default, the Barracuda Spam Firewall sends an NDR (non-delivery report) to senders when their message is blocked and not delivered. You can turn off this automatic notification by selecting No.
From containsSearches the From field in all quarantined messages for the specified text. Subject containsSearches the Subject line in all quarantined messages for the specified text. Message containsSearches the message body in all quarantined messages for the specified text. This filter may fail or take an exceptionally long period of time with a large Message Log.
verify the relay server information you just entered. This page also lets you specify a single mail relay server, as follows:
1. Enter an asterisk (*) as the domain name and click Add Domain. 2. Remove all other entries from the domain name list by clicking the trash can icon next to each one.
The asterisk wildcard domain causes all outbound emails forwarded to the Barracuda Spam Firewall to be sent to a single mail server to another relay server specified on the ADVANCED-->Relay page.
Chapter 8
Receiving Messages from the Barracuda Spam Firewall in the next section. Using the Quarantine Interface on page 104. Changing your User Preferences on page 106.
Greeting Message
The first time the Barracuda Spam Firewall quarantines an email intended for you, the system sends you a greeting message with a subject line of User Quarantine Account Information. The greeting message contains the following information:
Welcome to the Barracuda Spam Firewall. This message contains the information you will need to access your Spam Quarantine and Preferences. Your account has been set to the following username and password: Username: <your email address> Password: <your default password> Access your Spam Quarantine directly using the following link: http://<barracuda system address or name>:8000
The Barracuda Spam Firewall automatically provides your login information (username and password) and the link to access the quarantine interface. You should save this email because future messages from the system do not contain your login information.
Your login information resides in the greeting message sent to you from the Barracuda Spam Firewall.
Note: If you want to classify a message or add it to your whitelist, make sure to do so before delivering the message to your inbox. Once the Barracuda Spam Firewall delivers a message, it is removed from your quarantine list.
Whitelist Adds the selected message to your whitelist so all future emails from this sender are not quarantined unless the message contains a virus or banned attachment type. The Barracuda Spam Firewall adds the sending email address exactly as it appears in the message to your personal whitelist. Note that some commercial mailings may come from one of several servers such as mail3.abcbank.com, and a subsequent message may come from mail2.abcbank.com. See the section on managing your whitelists and blacklists for tips on specifying whitelists with greater effectiveness. Delete Deletes the selected message from your quarantine list. The main reason to delete messages is to help you keep track of which quarantine messages you have reviewed. You cannot recover messages you have deleted. Classify as Not Spam Classifies the selected message as not spam.
Note: Some bulk commercial email may be considered useful by some users and spam by others. Instead of classifying bulk commercial email, it may be more effective to add it to your whitelist (if you wish to receive such messages) or blacklist (if you prefer not to receive them).
Classifies the selected message as spam.
Classify as Spam
On the quarantine interface login page, click Create New Password, or After logging into your quarantine interface, go to PREFERENCES-->Password. This option is not available if single sign on has been enabled via LDAP or Radius. In the provided fields, enter your existing password and enter your new password twice. Click Save Changes when finished.
Note: Changing your password breaks the links in your existing quarantine summary reports so you cannot delete, deliver, or whitelist messages from those reports. New quarantine summary reports will contain updated links that you can use the same as before.
Spam Filter Enable/Disable Enable Spam Filtering Spam Scoring Use System Defaults Tag score Select Yes to use the default scoring levels. To configure the scoring levels yourself, select No and make the desired changes in the Spam Scoring Levels section described below. Messages with a score above this threshold, but below the quarantine threshold, are delivered to you with the word [BULK] added to the subject line. Any message with a score below this setting is automatically allowed. The default value is 3.5. Quarantine score Messages with a score above this threshold, but below the block threshold, are forwarded to your quarantine mailbox. The default setting is 10 (quarantine disabled). To enable the quarantine feature, this setting must have a value lower than the block threshold. Block score Messages with a score above this threshold are not delivered to your inbox. Depending on how the system is configured, the Barracuda Spam Firewall may notify you and the sender that a blocked message could not be delivered. The default value is 9. Barracuda Bayesian Learning Reset Bayesian Database Click Reset to remove your Bayesian rules learned by the Barracuda Spam Firewall from the point of installation. Select Yes for the Barracuda Spam Firewall to scan your emails for spam. Select No to have all your messages delivered to you without being scanned for spam.
Bayesian Database Backup Backup Bayesian Database Restore Database Click Backup to download a copy of your Bayesian database to your local system. This backup copy can then be uploaded to any Barracuda Spam Firewall, including this one, in the case of a corrupt Bayesian installation. Click Browse to select the backup file containing your Bayesian database, and then click Upload Now to load the Bayesian settings to this Barracuda Spam Firewall. The backup file does not need to have originated from this Barracuda Spam Firewall, nor from the same user database.
Blacklist
A list of your existing whitelisted and blacklisted addresses appears on this page.
2. To delete a whitelist or a blacklist entry, click the trash can icon next to the address. 3. To add an entry, type an email address into the appropriate field, and click the corresponding Add
button. Tips on specifying addresses When adding addresses to your whitelist and blacklist, note the following tips:
If you enter a full email address, such as johndoe@yahoo.com, just that user is specified. If you enter just a domain, such as yahoo.com, all users in that domain are specified. If you enter a domain such as barracudanetworks.com, all subdomains are also included, such as support.barracudanetworks.com and test.barracudanetworks.com. Mass mailings often come from domains that do not resemble the companys Web site name. For example, you may want to receive mailings from historybookclub.com, but you will find that this site sends out its mailing from the domain hbcfyi.com. Examine the From: address of an actual mailing that you are trying to whitelist or blacklist to determine what to enter.
Appendix A
Be careful when using special characters such as |, *, '.' in your text. For more information, refer to Using Special Characters in Expressions on page 110. All matches are case-insensitive.
The following table describes the most common regular expressions supported by the Barracuda Spam Firewall.
Expression Operators * + ? | () Zero or more occurrences of the character immediately preceding. One or more occurrences of the character immediately preceding. Zero or one occurrence of the character immediately preceding. Either of the characters on each side of the pipe. Characters between the parenthesis as a group. Matches...
Character Classes . [ac] [^ac] [a-z] [a-zA-Z.] [a-z\-] \d \D \a \w \W \s \S Miscellaneous ^ $ \b \t Beginning of line End of line Word boundary Tab character Any character except newline Letter 'a' or letter 'c' Anything but letter 'a' or letter 'c' Letters 'a' through 'z' Letters 'a' through 'z' or 'A' through 'Z' or a dot Letters 'a' through 'z' or a dash Digit, shortcut for [0-9] Non-digit, shortcut for [^0-9] Digit, shortcut for [0-9] Part of word: shortcut for [A-Za-z0-9_] Non-word character: shortcut for [^\w] Space character: shortcut for [ \n\r\t] Non-space character: shortcut for [^\s]
Examples
The following table provides some examples to help you understand how regular expressions can be used.
Example viagra d+ (bad|good) ^free v[i1]agra v(ia|1a)gra v\|agra v(i|1|\|)?agra \*FREE\* \*FREE\* V.*GRA Matches... viagra, VIAGRA or vIaGRa One or more digits: 0, 42, 007 letters 'bad' or matches the letters 'good' letters 'free' at the beginning of a line viagra or v1agra viagra or v1agra v|agra vagra, viagra, v1agra or v|agra *FREE* *FREE* VIAGRA, *FREE* VEHICLEGRA, etc
Index
A
Account View page 58 accounts activating for individuals 72 creating 57 deleting 58 editing 59 overriding settings 61 activating individual accounts 72 adding domains 63 administration interface branding 76 logging in 19 Administration page 41 Advanced Domain Setup page 63 Advanced IP Configuration page 79 aliases, unifying 65 allow email recipient domains 41 allowed email recipient domains 20 allowed IP range 41, 51 Allowed Senders page (outbound mode) 97 allowed SNMP range 41 Appearance page 76 Attachment Filtering page 53 Bounce/NDR Messages page 86 branding the administration interface 76
C
caller ID 70 certificates, signing 85 changing, password 41 Chinese spam messages 86 Clear Log button 33 clustering Barracuda Spam Firewalls 79 Clustering page 79 configuring Barracuda Spam Firewall 19 domains 63 contacting technical support 12 creating new accounts, about 57 customizing administration interface 76 non-delivery reports 86
D
daily mail statistics 31 defense layers 9 deleting invalid accounts 60 user accounts 58 destination mail server setting 40 diagnostic memory test 93 disabling spam scoring 107 virus checking 37 virus notification 37 DNS configuration 20 DNSBLs 49 domain configuration 20 Domain Manager page 64 domains adding 63 configuring 41 editing 64
B
backscatter, reducing 47 backup automatic 73 desktop 73 system data 73 Backup/Restore page 62 Barracuda Central 11 Barracuda headers, removing 71 Barracuda Spam Firewall configuring 19 features 13 installing 18 model comparison 13 overview 9 warranty policy 12 Bayesian database resetting 46 restoring 74 Bayesian/Intent page 46 blacklist services 49, 50 block email setting 36, 107 BLOCK/ACCEPT tab 49 Body Filtering page 55
E
editing accounts 59 domains 64 email routing 23 servers 63 statistics 30
Index 111
email aliases, unifying 65 Email Protocol page 70 email protocol settings (outbound mode) 98 Email Recipient Block/Accept page 53 enabling spam scoring 107 SSL 84 virus checking 37 virus notification 37 Energize Updates 10, 75 equipment, required 17 Exchange Accelerator feature 65
Intent Analysis, enabling 47 invalid accounts, deleting 60 IP address, setting 18 IP Block/Accept page 51 IP Configuration page 40
J
Japanese spam messages 86
L
language, changing in administration interface 48 LDAP 65 LDAP, common settings 67 LEDs (on front panel) 31 lights (on front panel) 31 link domains 39 logging into quarantine interface 104 Lotus Notes plug-in 44
F
failed system, replacing 91 features, assigning 60 file attachments blocking 53 quarantining 54 file extensions blocking 53 qaurantining 54 firewall, configuring 19 firmware updating 21, 76 Firmware Update page 76 Footers page (outbound mode) 97 full header scan 50
M
mail client 44 mail statistics 31 mail syslog 77 managing, quarantine inbox 105 message content blocking 55 quarantining 55 tagging 55 whitelisting 55 message details 35 Message Log page 32, 34, 44 message log privacy 35 mode, changing (inbound/outbound) 43 monitoring message log 32 system status 29 tasks 91 multiple domains, configuring 63 MX records 23, 64
G
generating reports 89 global quarantine settings 38 types 38 greeting message 103
H
hardware test 93 header blocking 55 quarantining 55 tagging 55 whitelisting 55 Header Filtering page 55 headers (Barracuda), removing 71 hourly mail statistics 31 HTTPS access 84
N
NDRs, customizing non-delivery reports, customizing 86 network interfaces, configuring 79 network settings, configuring 18 network time protocol 21 not spam, classifying messages as 33 notification interval, quarantine 39 NTP 21
I
incoming SMTP timeout setting 71 indicator lights 31 installation examples 25 installing, Barracuda Spam Firewall 18 Instant Replacement service 91
O
ORDB blacklist 50 Outbound Footer page 79 outbound mode 12 about 96
configuring 27 features 95 Outbound Relay page 78 Outlook plug-in 44 overriding account settings 61 quarantining settings 61
Bayesian database 74 system configuration 74 system data 73 user settings 74 retention policies, setting 63 RFC 821 compliance 70 routing incoming email 23
P
password (user), changing 106 password, changing 41 per-domain settings 64 performance statistics 30 per-user quarantine settings 39 per-user quarantine type 38 port forwarding 23 post-installation tasks 24 preferences, changing 106 proxy server configuration 40 pu_config.tgz 62
S
SASL authentication 78 Send Bounce field 36 Sender Domain Block/Accept page 52 Sender Email Address page 52 Sender Policy Framework (SPF) 70 setting up, quarantine 37 single sign-on, enabling 83 SMTP authentication 78 SMTP HELO 70 SMTP settings 70 SMTP/TLS page 91 spam classification 34 classifying messages as 33 Spam Bounce (NDR) Configuration 36 spam definitions, updating 75 spam scoring enabling and disabling 107 overview 11 Spam Scoring page 36 spam tag configuration 36 spamcop blacklist 50 Spamhaus 50 SPF 70 spoof protection 64, 70 SSL, enabling 84 STARTTLS 91 StartTLS 66 Status page 29 Subject Filtering page 54 subject line blocking 54 quarantining 54 spam messages 36 tagging 54 whitelisting 54 subscription status 31 subscription status, verifying 21 synchronizing databases in a cluster 46 Syslog page 77 system alerts, enabling 43 system notifications, enabling 43 system status, monitoring 29
Q
quarantine email setting 36, 107 notification interval 39 overriding settings 61 setting up 37 types 38 quarantine inbox, managing 105 quarantine interface, logging in 104 Quarantine page 39 quarantine summary report 104
R
RAID 13 Rate Control page 72 Rate Control page (outbound mode) 101 RBLs 49 reboot options 92 recovery mode 92 Regional Settings page 86 regular expressions, about 109 re-imaging system, enabling remote administration 93 Relay page (outbound mode) 101 relays, setting up 78 removing Barracuda headers 71 repairing, file system 93 replacing a failed system 91 replacing failed system 91 Reporting page 89 RESET button, using 42 resetting Bayesian database 46 restoring
Index 113
T
tag email setting 107 tag score 36 Task Manager page 91 TCP ports 19 TCP/IP configuration 40 technical support, contacting 12 testing memory 93 TLS, enabling 66, 91 Troubleshooting page 88
U
UDP ports 19 unifying email aliases 65 un-whitelist 33 updating firmware 21, 76 spam and virus definitions 75 Use MX Records field 64 User Features page 60 user preferences, changing 106 user settings backing up 62 restoring 74
V
viewing message details 35 Virus Checking page 37 virus checking, enabling and disabling 37 virus definitions, updating 75 virus notification, enabling and disabling 37
W
warranty policy 12 Web GUI syslog 77 Web interface port, configuring 42 whitelist, adding messages to 33